Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Using DHCP Option 82 Information

Using DHCP Relay Agent Option 82 Information

Subscriber management enables you to configure the DHCP relay agent to include additional option 82 information in the DHCP packets that the relay agent receives from clients and forwards to a DHCP server. The DHCP server uses the additional information to determine the IP address to assign to the client. The server might also use the information for other purposes—for example, to determine which services to grant the client, or to provide additional security against threats such as address spoofing. The DHCP server sends its reply back to the DHCP relay agent, and the agent removes the option 82 information from the message and forwards the packet to the client.

To configure support for the DHCP relay agent information option 82, you use the relay-option-82 statement. You can configure the DHCP relay agent to include the following suboptions in the packet the relay agent sends to the DHCP server:

  • Agent Circuit ID (suboption 1)—An ASCII string that identifies the interface on which the client DHCP packet is received.

    Note:

    If relay-option-82 is configured, but none of the attributes under relay-option-82 (that is, circuit-id | remote-id | server-id-override) are explicitly configured, then the default behavior is for the circuit-id (that is, suboption 1) to always be included in the option-82 value. This is true whether or not the vendor-specific attribute under relay-option-82 is configured.

  • Agent Remote ID (suboption 2)—An ASCII string assigned by the DHCP relay agent that securely identifies the client.

You can configure the option 82 support globally or for a named group of interfaces.

To restore the default behavior, in which option 82 information is not inserted into DHCP packets, you use the delete relay-option-82 statement.

Note:

The DHCPv6 relay agent provides similar Agent Circuit ID and Agent Remote ID support for DHCPv6 clients. For DHCPv6, subscriber management uses DHCPv6 option 18 to include the circuit ID in the packets that the relay agent sends to a DHCPv6 server, and option 37 to include the remote ID in the packets. See DHCPv6 Relay Agent Options.

The following sections describe the option 82 operations you can configure:

Configuring Option 82 Information

You use the relay-option-82 statement to configure the DHCP relay agent to insert option 82 information in DHCP packets that the relay agent receives from clients and forwards to a DHCP server. When you configure option 82, you can include one of the suboption statements to specify the type of information you want to include in the DHCP packets. If you configure option 82 without including one of the suboption statements, the Agent Circuit ID option is included by default. Use the circuit-id statement to include the Agent Circuit ID (suboption 1) in the packets, or the remote-id statement to include the Agent Remote ID (suboption 2).

You can optionally configure DHCP relay agent to include a prefix or the interface description as part of the suboption information. If you specify the circuit-id or remote-id statement without including any of the optional prefix, use-interface-description, use-vlan-id, include-irb-and-l2, or no-vlan-interface-name statements, the format of the Agent Circuit ID or Agent Remote ID information for Fast Ethernet (fe), Gigabit Ethernet (ge), and integrated routing and bridging (irb) interfaces is one of the following, depending on your network configuration:

  • For Fast Ethernet or Gigabit Ethernet interfaces that do not use VLANs, stacked VLANs (S-VLANs), or bridge domains:

    Note:

    For remote systems, the subunit is required and is used to differentiate an interface.

  • For Fast Ethernet or Gigabit Ethernet interfaces that use VLANs:

  • For Fast Ethernet or Gigabit Ethernet interfaces that use S-VLANs:

Note:

Integrated routing and bridging (IRB) provides simultaneous support for Layer 2 bridging and Layer 3 IP routing on the same interface. IRB enables you to route local packets to another routed interface or to another bridging domain that has a Layer 3 protocol configured.

The interface to bridge domain relationship might be implicit (the interface is mapped to the bridge domain by the system based on the VLAN tag) or explicit (the interface is mapped to the bridge domain by configuring it in the bridge domain definition). For the explicit case, tagging might not be relevant for the mapping.

In the case of an IRB interface, the format displays the Layer 2 interface instead of the IRB interface along with the bridge domain name. For IRB interfaces (or other pseudo devices) the default format is as follows:

  • IRB interfaces that use bridge domains but do not use VLANs or S-VLANs:

  • IRB interfaces that use VLANs:

To include the IRB interface name with the Layer 2 interface name, configure the include-irb-and-l2 statement. The format is as follows:

  • IRB interfaces that use bridge domains but do not use VLANs or S-VLANs:

  • IRB interfaces that use VLANs:

To include only the IRB interface name without the Layer 2 interface and bridge domain or VLAN, configure the no-vlan-interface-name statement. The format is as follows:

To enable insertion of option 82 information:

  1. Specify that you want to configure option 82 support.
  2. Configure the DHCP relay agent to insert the Agent Circuit ID suboption, the Agent Remote ID suboption, or both.

    • To insert the Agent Circuit ID:

    • To insert the Agent Remote ID:

    • To insert both, configure both set commands.

  3. (Optional) Configure a prefix that is used in the option 82 information in the DHCP packets.

    See Including a Prefix in DHCP Options.

  4. (Optional) Configure the DHCP relay agent to include the interface’s textual description instead of the interface identifier in the option 82 information.

    See Including a Textual Description in DHCP Options.

Overriding Option 82 Information

You can configure the DHCP relay agent to add or remove the DHCP relay agent information option (option 82) in DHCP packets.

This feature causes the DHCP relay agent to perform one of the following actions, depending on the configuration:

  • If the DHCP relay agent is configured to add option 82 information to DHCP packets, it clears the existing option 82 values from the DHCP packets and inserts the new values before forwarding the packets to the DHCP server.

  • If the DHCP relay agent is not configured to add option 82 information to DHCP packets, it clears the existing option 82 values from the packets, but does not add any new values before forwarding the packets to the DHCP server.

To override the default option 82 information in DHCP packets destined for a DHCP server:

  1. Specify that you want to configure override options.
  2. Specify that the option 82 information in DHCP packets is overwritten.

Including a Prefix in DHCP Options

When you configure the DHCP relay agent to include DHCP options in the packets that the relay agent sends to a DHCP server, you can specify that the relay agent add a prefix to the DHCP option. You can add a prefix to the following DHCP options:

  • DHCPv4 option 82 Agent Circuit ID (suboption 1)

  • DHCPv4 option 82 Agent Remote ID (suboption 2)

  • DHCPv6 option 18 Relay Agent Interface-ID

  • DHCPv6 option 37 Relay Agent Remote-ID

The prefix is separated from the DHCP option information by a colon (:), and it can include any combination of the host-name, logical-system-name, and routing-instance-name options. The DHCP relay agent obtains the values for the host-name, logical-system-name, and routing-instance-name as follows:

  • If you include the host-name option, the DHCP relay agent uses the hostname of the device configured with the host-name statement at the [edit system] hierarchy level.

  • If you include the logical-system-name option, the DHCP relay agent uses the logical system name configured with the logical-system statement at the [edit logical-system] hierarchy level.

  • If you include the routing-instance-name option, the DHCP relay agent uses the routing instance name configured with the routing-instance statement at the [edit routing-instances] hierarchy level or at the [edit logical-system logical-system-name routing-instances] hierarchy level.

If you include the hostname and either or both of the logical system name and the routing instance name in the prefix, the hostname is followed by a forward slash (/). If you include both the logical system name and the routing instance name in the prefix, these values are separated by a semicolon (;).

The following examples show several possible formats for the DHCP option information when you specify the prefix statement for Fast Ethernet (fe) or Gigabit Ethernet (ge) interfaces with S-VLANs.

  • If you include only the hostname in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

  • If you include only the logical system name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

  • If you include only the routing instance name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

  • If you include both the hostname and the logical system name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

  • If you include both the logical system name and the routing instance name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

  • If you include the hostname, logical system name, and routing instance name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

For Fast Ethernet or Gigabit Ethernet interfaces that use VLANs but not S-VLANs, only the vlan-id value appears in the DHCP option format.

(DHCPv4) To configure a prefix with the option 82 information:

  1. Specify that you want to configure option 82 support.
  2. Configure DHCP relay agent to insert the Agent Circuit ID, the Agent Remote ID, or both.

    • To configure the Agent Circuit ID:

    • To configure the Agent Remote ID:

  3. Specify that the prefix be included in the option 82 information. In this example, the prefix includes the hostname and logical system name.

    • To include the prefix with the Agent Circuit ID:

    • To include the prefix with the Agent Remote ID:

(DHCPv6) To use a prefix with the DHCPv6 option 18 or option 37 information:

  1. Specify that you want to configure DHCPv6 relay agent support.

  2. Configure DHCPv6 relay agent to insert option 18 (Relay Agent Interface-ID), option 37 (Relay Agent Remote-ID), or both.

    • To configure option 18:

    • To configure option 37:

  3. Specify that the prefix is included in the option information. In this example, the prefix includes the hostname and logical system name

    • To include the prefix with option 18:

    • To include the prefix with option 37:

Including a Textual Description in DHCP Options

By default, when DHCP relay agent inserts option information in the packets sent to a DHCP server, the options include the interface identifier. However, you can configure the DHCP relay agent to include the textual description that is configured for the interface instead of the interface identifier. You can use the textual description for either the logical interface or the device interface.

You can include the textual interface description in the following DHCP options:

  • DHCPv4 option 82 Agent Circuit ID (suboption 1)

  • DHCPv4 option 82 Agent Remote ID (suboption 2)

  • DHCPv6 option 18 Relay Agent Interface-ID

  • DHCPv6 option 37 Relay Agent Remote-ID

The textual description is configured separately, using the description statement at the [edit interfaces interface-name] hierarchy level. If you specify that the textual description is used and no description is configured for the interface, DHCP relay defaults to using the Layer 2 interface name.

In the case of integrated routing and bridging (IRB) interfaces, the textual description of the Layer 2 interface is used instead of the textual description of the IRB interface. If there is no description configured, the Layer 2 logical interface name is used.

Note:

For IRB interfaces, the option 82 field must be able to uniquely identify the incoming interface based on either the Agent Circuit ID or Agent Remote ID . You can modify the information in the textual interface description to match the raw IFD (physical interface without a subunit) name and configure the option 82 field to use the interface description.

You can use the textual description with the following DHCP options:

  • DHCPv4 Option 82 Agent Circuit ID (suboption 1)

  • DHCPv4 Option 82 Agent Remote ID (suboption 2)

  • DHCPv6 Relay Agent Interface-ID (option 18)

  • DHCPv6 Relay Agent Remote-ID (option 37)

(DHCPv4) To configure the DHCP relay option 82 suboption to include the textual interface description:

  1. Specify that you want to configure option 82 support.
  2. Configure DHCP relay agent to insert the Agent Circuit ID, Agent Remote ID, or both.
  3. Specify that the textual description is included in the option 82 information. In this example, the option 82 information includes the description used for the device interface.

(DHCPv6) To configure the DHCPv6 option 18 or option 37 to include the textual interface description:

  1. Specify that you want to configure DHCPv6 relay agent support.

  2. Configure DHCPv6 relay agent to insert option 18 (Relay Agent Interface-ID), option 37 (Relay Agent Remote-ID), or both.

    • To configure option 18:

    • To configure option 37:

  3. Specify that the textual description is included in the option information. In the following example, the option information includes the description used for the device interface.

    • To include the textual description in option 18:

    • To include the textual description in option 37:

See Also

Enable Processing of Untrusted Packets So Option 82 Information Can Be Used

By default, the DHCP relay agent treats client packets with a giaddr of 0 (zero) and option 82 information as if the packets originated at an untrusted source, and drops them without further processing. You can override this behavior and specify that the DHCP relay agent process DHCP client packets that have a giaddr of 0 (zero) and contain option 82 information.

To configure DHCP relay agent to trust option 82 information:

  1. Specify that you want to configure override options.
  2. Specify that the DHCP relay agent process DHCP client packets with a giaddr of 0 and that contain option 82 information.

Extracting an Option 82 or Option 37 Substring to Create an Interface Set

Starting in Junos OS Release 17.2R1, you can create an interface set based on a specific, delimited substring of the agent remote ID (ARI) string received in DHCP packets. Specify the predefined variable $junos-pon-id-interface-set-name in a dynamic profile to extract the substring from DHCPv4 (Option 82, suboption 2) or DHCPv6 (Option 37). This substring is inserted by the optical line terminal (OLT) in a passive optical network (PON) and is unique for that PON. The extracted substring is used as the name of the interface set.

The OLT must format the ARI string with a pipe symbol (|) as the delimiter between substrings. The substring extracted for the interface set name consists of the characters following the last delimiter in the ARI string. You determine the format and contents of the substring, and configure your OLT to insert the information. Typically, the substring may include the name and port of the OLT accessed by the CPE optical network terminal (ONT).

For example, the ARI format might be something like the following:

The following sample ARI strings follow that format:

The first two ARIs share the same substring after the last delimiter, ot101.xyz101-202. The third ARI has a different last substring, ot101.xyz101-111. The predefined variable extracts both of these substrings. Two interface sets are created, named ot101.xyz101-202 and ot101.xyz101-111.

The two customer circuits identified by ot101.xyz101-202 are aggregated into that interface set. The single circuit identified by ot101.xyz101-111 is associated with the other set. The interface sets can subsequently be used to apply CoS and services to their associated subscriber circuits.

Before you begin:

  • Configure your OLTs to provide an agent remote ID string in the required format.

  • Configure your DHCPv4 or DHCPv6 relay agents to insert the agent remote ID received from the OLT for forwarding to the DHCP local server.

  • Create the dynamic profile.

This procedure shows only the configuration required for specifying the predefined variable.

  1. Access the desired dynamic profile.
  2. Specify the predefined variable to create the interface set.
  3. Complete the dynamic profile configuration.

You can use the show subscribers extensive command to display the interface set name and the complete ARI string.

show subscribers extensive (Passive Optical Network Circuit Interface Set)

See Also

Related Documentation

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
17.2R1
Starting in Junos OS Release 17.2R1, you can create an interface set based on a specific, delimited substring of the agent remote ID (ARI) string received in DHCP packets.